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UNITED STATES DISTRICT COURT 
FOR THE DISTRICT OF COLUMBIA 



UMTED STATES OF AMERICA 



JOSEPH T. COLON, 



Defendant. 



RLED 

MAR 2 4 2008 



CRIMINAL NO.: O^"^ 

VIOLATIONS: 18 U.S.C 

§ 1030(a)(2)(B) 

(Intentionally Accessing a Computer 
While Exceeding Authorized Access 
And Obtaining Information from any 
Department of the United States); 



STATEMENT OF OFFENSE 
Pursuaiit to Fed. R, Crim. P. 1 1, the defendant Jospeh Colon aiid the United States agree 
and stipulate as follows: 



I . The defendant, lOSEPH THOMAS COLON, resided at 8 11 6 Tack Lane, Springfield, 



Illinois. 

2. A network is a series of devices, including computers and telecommunication devices, 
comiected by communication channels. 

3. A server Is a centralized computer that provides services for other coniputers 
connected to it. 



4, Computer passwords and other data security devices are passwords or devices 
designed to restrict access to or hide computer sofhvare, documentation, or data. Data security 
devices may consist of hardware, software, or other programming code, A password (a string of 
alpha-numeric characters) usually operates as a sort of digital key to "unlock" particular data 
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security devices. Data security hardware may include encryption devices, chips, and circuit 
boards. Data security software or digital code may include programming code that creates "test" 
keys or "hot" keys, which perfonn ceitain pre-set security functions when touched. Data security 
software or code may also encrypt, compress, hide, or "booby-trap" protected data to make it 
inaccessible or unusable, as well as reverse the process to restore it. 

5. Secitrity Account Manager (SAM) is a database of user and group account information 
"hashes" on Microsoft Windows NT-based computer systems. Hashes are essentially encrypted 
versions of user passwords, but not the actual passwords themselves. A hash is generated by 
applying a 125 -bit algorithm to a user password. 

6. Pvvdump3.exe ("pwdump") is a free program on the Inieraei ajid is used to e.xtract the 
Microsoft Windows NT SAM database of user hashes and account infomiation to a text file. 
Once a user obtains the output of pwdump, the user still does not have access to passwords. 
However, once in a text file, the output of the pwdump program can now be decrypted or 
"cracked". 

7. LOphtcrack (pronounced "loftcrack") is a password decryption tool. Developed by 
"lOpht Heavy Industries" group, this decryption tool identifies password weaknesses. LOphtcrack 
takes the hashed (unreadable) output of the PWDump program and uses a variety of methods to 
make it readable, in other words, to reveal the plain text passwords that correspond to the hash 
values. LOphtcrack decrypts (cracks) the hash by using dictionary word comparisons, lists of 
common passwords, and character substitution techniques, among others. 

8. BAE Systems or BAE (formerly known as DigitialNei) is a contractor employed by 
the Federal Bureau of Investigation (FBI) to provide support for the conversion of the FBI's 
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com^ersion to a new classified computer netw'orking system (part of a project called the "Trilogy 
project.") 

9. The defendant, JOSEPH THOMAS COLON, was an employee of BAE and was 
assigned to the Springfield, Illinois division of the FBI as of December 8th, 2003, as an 
infonnation technology specialist (ITS) contractor during the time of the offense. 

10. The FBI is part of the Department of Justice and the Department of Justice is an 
executive department as enumerated in Title 5, United States Code Section 101 . 

1 1 . The FBI's classified SECRET internal computer network maintains computer seivers 
and networks in Washington, D.C.. 

12. The defendant, JOSEPH THOMAS COLON, was not authorized to access the FBI's 
classified SECRET internal computer network's SAM file, that is, the file containing computer 
network usemames and encrypted passwords for all users on the network. 

COUNT om 

13. On or about March 2, 2004, at approximately 4:33 p.m. EST, defendant JOSEPH 
THOMAS COLON intentionally accessed a computer in excess of his authorized access and 
thereby obtained infonnation he was not entitled to obtain from a department of the United 
States. 

14. On that date, defendant JOSEPH THOMAS COLON intentionally obtained a SAM 
file from the FBI's classified SECRET computer network that maintains servers in the District of 
Columbia. Defendant obtained the file by executing the pwdump software program. The SAM 
file contained a list of usemames and encrypted passwords for over 38,000 user accounts on the 
FBI's classified computer network. Defendant was not authorized to access the information 
contained m the SAM 61e. 
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15. Defendant JOSEPH THOMAS COLON subsequently intentionally used LOphtcrack 
software program to deciypt the passwords accompanying the user names. 

COUNT TWO 

16. On or about May 24, 2004, at approximately 3:45 p.m. EST, defendant JOSEPH 
THOMAS COLON intentionally accessed a computer in excess of his authorized access and 
thereby obtained infonnation he was not entitled to obtain from a department of ilie United 
States. 

17. On that date, defendant JOSEPH THOMAS COLON intentionally obtained a SAM 
rile from the FBI's classified SECRET computei- network that maintains servers in the District of 
Columbia. Defendant obtained the file by executing the pwdump soflware program. The SAM 
file coniained a list of usemames and encrypted passwords for all user accounts on the FBI's 
classified computer network. Defendant was not authorized to access the infomiation contained 
in the SAJVI file. 

1 8. Defendant JOSEPH THOMAS COLON subsequently intentionally used LOphtcrack 
software program to deciypt the passwords accompanying the user names. 

COUNT THREE 

19. On or about July 26, 2004, at approximately 1 1:49 a..m. EST, defendant JOSEPH 
THOMAS COLON intentionally accessed a computer in excess of his authorized access and 
thereby obtained information he was not entitled to obtain from a department of the United 
States. 

20. On that date, defendant JOSEPH THOMAS COLON intentionally obtained a SAM 
file from the FBI's classified SECRET computer network that maintains senders in the District of 
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Columbia. Defendant obtained the file by executing the pwdump software program. The SA.M 
tile contained a list of usemames and encrypted passwords for all user accounts on the FBI's 
classified computer network. Defendant was not authorized to access the information contained 
in the SAJsi file. 

2 1 . Defendant JOSEPH THOMAS COLON subsequently intentionally used LOphtcraclc 
software program to decrypt the passwords accompanying the user names. 

COUNT FOUR 

22. On or about November 16, 2004, at approximately 4:33 p.m. EST, defendant 
JOSEPH THOMAS COLON intentionally accessed a computer in excess of his authorized 
access and thereby obtained information he was not entitled to obtain from a department of the 
United States. 

23. On that date, defendant JOSEPH THOMAS COLON intentionally obtained a SAM 
file from the FBI's classified SECRET computer network that maintains servers in the District of 
Columbia. Defendant obtained the file by executing the pwdump software program. The SAM 
file contained a list of usemames and encrypted passwords for all user accounts on the FBI's 
classified computer network. Defendant was not authorized to access the infomiation contained 
in the SAM file. 

24. Defendant JOSEPH THOMAS COLON subsequently intentionally used LOphtcrack 
software program to decrypt the passwords accompanying the user names. 



Respectfully submitted, 
KENNETH L. WALMSTEIN 
United States Attorney 
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By: 



for the District of Columbia 




A^stantU.S. Attorney 

Computer Hacking and Intellectual Property Unit 

555 4'' Street, N.W. 

Washington, D.C. 20530 

202-353-2457 



DEFENDANT'S ACCEPTANCE 

I have read every word of this _£_ page statement of offense. Pursuant to Fed. R, Cr P. 
11, after consulting with my attorney, I agree and stipulate to this statement of offense, and 
declare under penalty of perjury that it is true and^rrect. 

'/of. V'V^ 



Date 



.-?/ 



^/S^fQ(, 




JO^PH T. COLON 
Defendant 



I have read each of tiie _^ pages constituting this statement of offense and reviewed and 
discussed them with ray client. I concur with his decisioij.^ stipulate to this statement of 
offense. -/ x 

Date: 'y^^ ^f^^^€> ^ 

Rl^HAfi) WINELANDER 
Attorney for the defendant 




